I have an account that is constantly being locked within AD after a password change. On our secondary DC Iooking at the event logs it tells me the first DC is the computer that is causing the lockout. I have looked everywhere on this first DC for where this account is used, but cannot find it. On the first DC within about 30 seconds of unlocking this account I can see an event that states that the particular credentials have been explicitly used. Any idea how I can what app/process is using this account.
I have tried resetting the password back to what it used to be, however the account still gets locked out.
Thanks for your help.